Mail Archives: cygwin/2019/03/06/11:17:49

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2019/03/06/11:17:49

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:reply-to

:references:mime-version:content-type:in-reply-to; q=dns; s=

default; b=ZPZH6t5+mipLyQU9GMHgbCgQOR8mvDoVn32ZEv63vVgF8YS6kC6if

a0rNLRK1SkjxB10PpErG4B2y8rKtOyxONmEeOr5PH/CBxB15EWKUvs8XmyGKJdrz

9cHQ0C2BCif1dgOcm8tpBYZ0PRerYOShZoXnW50TSMzbXXJI3b4Zpk=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:reply-to

:references:mime-version:content-type:in-reply-to; s=default;

bh=GhNRBa5PvAswB7d5HUsIQhEI5ZM=; b=V4tK5aR7gWF3aVxCM/TQ3J5dvjpb

M8mi6xqEvpdl+JsbUoWNOFlxA8Gq5n/CtNUrtOZltlzhGVCdWoD9mCCf6P7DRTr7

PSrNQPpxUDOgZb61SiHOE88eouTpOJVmGS3otjJ4mTg5VuPSXhyRUTT88sUAN6JX

lpc3kMWvHstIAZI=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Spam-SWARE-Status: No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=Hx-languages-length:771, H*F:D*cygwin.com

X-HELO: mout.kundenserver.de

Date: Wed, 6 Mar 2019 17:17:31 +0100

From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>

To: cygwin AT cygwin DOT com

Subject: Re: Logging-in using ssh elevates the user privilege.

Message-ID: <20190306161731.GA3785@calimero.vinschen.de>

Reply-To: cygwin AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

References: <20190307010000 DOT fc28b73739c2dd66e609982b AT nifty DOT ne DOT jp> <20190306161504 DOT GZ3785 AT calimero DOT vinschen DOT de>

MIME-Version: 1.0

In-Reply-To: <20190306161504.GZ3785@calimero.vinschen.de>

User-Agent: Mutt/1.11.3 (2019-02-01)

--EyuBRJR0MsVMWKTf
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar  6 17:15, Corinna Vinschen wrote:
> On Mar  7 01:00, Takashi Yano wrote:
> > Hello,
> >=20
> > I would like to report a problem of recent cygwin.
> >=20
> > If a user logs in via ssh, the user aqcuires the elevated
> > privilege if the user belongs to Administrators group.
>=20
> This is by design, and this is no new behaviour.  As soon as an admin
> account logs in, seteuid uses the elevated token.  Cygwin is doing that
> since 2015.

Actually, since 2010.

>=20
> After all, from an ssh session there would be *no* chance to run
> administrative tasks if the user would only get a non-elevated token.
> There's no way to switch to the elevated token from an ssh session.


Corinna

--=20
Corinna Vinschen
Cygwin Maintainer

--EyuBRJR0MsVMWKTf
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoVYPmneWZnwT6kwF9TYGna5ET6AFAlx/8psACgkQ9TYGna5E
T6BEQhAAlHrJrWIkBIyx/9Uj4sXFNYav02pigL7HVORavdBVkT3oY6/ZufxIZwab
DP2+xFViXl3JuKjEvSegRT4mLpJp7gjfw5QNZ6+aGIobxJ3WHQCvVxVi6Rqmx42s
K7ofyl3V2S/jDnddNDpK90Zq2Gt58vVA2Hd8KIcv5gznIRijUpenTvWG9Q0w6lWt
ByZ3GyRXhV1V8OAVwSIT4hlxiIlGDNXYnvcQIawAItFn9wZSTrszoYo8v7bpYQLL
IMJT2o7fHKuHjyA5rbKLC1C43cq3+Nr9+3jXqyHXM/a61m/VObyMJ5vZUFU/rtVx
y7MJbdg34HiUIuuDaN+nHZByLbySSTUQIDDMFr/lUpMoumrzt/pm79xZcw1Njryb
7xZ4KuWxvom3KBC/MvQXpB/D4sHtoJU5k88iAaMbKHIWQCcHcygdPuRWBtxAB46V
zUup8Y5a8juUhGd2V6k1kgJiv87Pv7Y3Jen+36pK0YePYScNNYtSW43V/dxrViG2
dF1BYZiQhN2DbmsnrQBnJKrIVB7VtI8c4ltaVN+Wvk3sIfVeq9CgalH4cXXGLFY9
MDuSpSK+mCJB9WAnNg1CNoh2qOdRYr2W4uAvlW+udwb7zxBszW2i06PphsV5nvqA
1u365Hh5sJDpCo5I4z19Kw4sHTyChjK90FUKnsCsk+JeJVA2Ml4=
=qPWV
-----END PGP SIGNATURE-----

--EyuBRJR0MsVMWKTf--

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=ZPZH6t5+mipLyQU9GMHgbCgQOR8mvDoVn32ZEv63vVgF8YS6kC6if
	a0rNLRK1SkjxB10PpErG4B2y8rKtOyxONmEeOr5PH/CBxB15EWKUvs8XmyGKJdrz
	9cHQ0C2BCif1dgOcm8tpBYZ0PRerYOShZoXnW50TSMzbXXJI3b4Zpk=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	bh=GhNRBa5PvAswB7d5HUsIQhEI5ZM=; b=V4tK5aR7gWF3aVxCM/TQ3J5dvjpb
	M8mi6xqEvpdl+JsbUoWNOFlxA8Gq5n/CtNUrtOZltlzhGVCdWoD9mCCf6P7DRTr7
	PSrNQPpxUDOgZb61SiHOE88eouTpOJVmGS3otjJ4mTg5VuPSXhyRUTT88sUAN6JX
	lpc3kMWvHstIAZI=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-100.9 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=Hx-languages-length:771, HF:Dcygwin.com
X-HELO:	mout.kundenserver.de
Date:	Wed, 6 Mar 2019 17:17:31 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Logging-in using ssh elevates the user privilege.
Message-ID:	<20190306161731.GA3785@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<20190307010000 DOT fc28b73739c2dd66e609982b AT nifty DOT ne DOT jp> <20190306161504 DOT GZ3785 AT calimero DOT vinschen DOT de>
MIME-Version:	1.0
In-Reply-To:	<20190306161504.GZ3785@calimero.vinschen.de>
User-Agent:	Mutt/1.11.3 (2019-02-01)